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computer,  and  a phone  line  can  obtain  instant,  low-cost  access  to 
highly  personal  information  about  us  and  our  families?  What  will 
such  access  mean  to  businesses,  which  often  collect  and  use  such 
information,  but  which  have  their  own  privacy  and  confidentiality 
concerns  as  well?  What  will  such  pervasive  public  access  to  PII 
mean  to  government  and  social  institutions?  What  will  it  mean  to 
the  pursuit  of  happiness  and  other  quests  of  the  human  soul? 

We  believe  that  PII  levels  about  each  of  us  will  soon  approach 
a kind  of  critical  mass  (both  in  depth  of  detail  and  in  degree  of  ac- 
cess), and  that  the  unprecedented  public  accessibility  of  private 
information  will  generate  a considerable  hue  and  cry  in  response. 
Consequently,  we  believe,  a tension  between  the  growth  and  opti- 
mization of  the  Internet,  and  the  growth  and  optimization  of  what 
is  uniquely  human,  will  arise  and  might  perhaps  produce  a dy- 
namic equilibrium,  a new  solution  that  can  balance  the  societal 
demand  for  technical  and  economic  growth  with  individual  needs 
for  privacy,  dignity,  and  freedom.  This  book  is  an  exploration  of 
the  new  Internet  privacy  and  security  landscape,  in  search  of  this 
solution. 


TRUSTe  and  Full  Disclosure 


The  Internet  privacy  and  security  zone  is  terrain  we  know  fairly 
3Ve,  well.  Four  years  ago  we  founded  the  Internet  privacy  assurance  or- 

:aS1J  ganization  TRUSTe  (www.TRUSTe.org).  We  have  remained  ac- 

al,d’  five,  unpaid  volunteers  for  TRUSTe  ever  since.  Lori  still  serves  on 

its  board  of  directors,  as  chairman. 

je  TRUSTe  now  has  over  one  thousand  licensees  in  its  online  pri- 

vacy  assurance  program.  Participating  websites  agree  to  post  and  ad- 
here to  privacy  policies  in  exchange  for  the  right  to  display  the 
king  TRUSTe  seal  on  their  site.  TRUSTe  does  not  make  judgments  about 

how  these  licensees  collect  and  use  data,  so  long  as  they  openly  dis- 

tha 


lntr° 


,<lucti°n 


to  site  visitors.  Disclosure  by  a wefo; 
,heit  PH  P^'Xmation  not  only  leads  to  account^ 
th  private  m*0.  cJonrp.  And  what  s true  on  th.i 


of 


cl0Se, teats  private  n'fo  fidence.  And  what's  true  on  the  \&' 

hrbuil*u^rtrUStaedia  including  books  such  as  this  one 
f°tue  in  analog  me  . imilation  have  shown  that  selAd 

ra«.»su.n.„bawt>^ 

Insure  is  actual ly  on  osure  from  your  authors. 

k,  here,  then,  s a n of  the  Electronic  Frontier  F0Undj. 

Lori  is  curre  nterliet  electronic  r.glrts  advocacy  group,  and  haj 
tion.apromment  of  djrectors  of  such  Internet  firms  as  Critical 
served  on  the  bo  ^ charles  is  founder  and  CEO  ofSupet. 
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through  investment  or  consulting,  a number  of  other  Internet  com- 
panies  as  well,  most  of  which  have  been  directly  or  indirectly  in- 

volved  in  computer  and  Internet  security  issues. 

Privacy-loving  though  we  are,  no  one  has  ever  accused  either  of 
us  of  being  shy  about  expressing  our  opinions.  Here,  therefore,  are 
our  beginning  biases  and  opinions: 

• We  are  aggressively  pro-privacy.  We  consider  respect  for  indi 
vidual  privacy  a bedrock  human  value.  We  believe  that  a 
users  of  the  Internet  need  to  understand — and  have  an  hrhei 
ent  right  to  know  and  control — how  information  about  thei 
is  being  collected  and  used. 

* Relieve  that  privacy  helps  keep  us  free— free,  am01^ 

# ^er  ^lings,  to  make  and  learn  from  our  own  mistakes-  ^ 

e recognize  that  the  Internet  business  community 
niquely  interconnected  industry  operating  in  an  ^ . 
nsparent  environment;  and  feel  that  the  pioneers  of  1 


dustry  have,  f 
ethical  stand; 
ity  about  the 

• We  believe  t 
use  of  PI  I,  a 
(fortunately) 
of  trust  will 
vacy,  and  se 
of  electrons 

• We  are  cert; 
uses  of  info 
very  ones  tl 
mation  in 
prime  exan 

• We  believe 
with  respe< 
and  that  tl 
own  PII  p 
addresses, 
dossiers  tl 
ment  pup 

• We  bel^ 
enforcing 
obvious  \ 
unenforc 

• We  valui 
can,  ofte 
Alaska  o 
We  beli< 
part  of  r 

We  shouh 

this  book  is  n< 


xx 


Introduction 


dustry  have,  for  the  most  part,  operated  with  surprisingly  high 
ethical  standards  if  perhaps  not  yet  enough  care  and  sensitiv- 
ity about  the  confidentiality  of  private  personal  information. 

• We  believe  that  the  business  stakes  surrounding  privacy,  the 
use  of  PII,  and  the  development  of  customer  trust  are  huge 
(fortunately),  and  that  the  development  of  new  technologies 
of  trust  will  be  central  to  the  solution  of  ongoing  trust,  pri- 
vacy, and  security  issues  and,  indeed,  the  continued  growth 
of  electronic  commerce. 

• We  are  certain  that  some  of  the  most  powerful  and  beneficial 
uses  of  information  technology  in  the  years  ahead  will  be  the 
very  ones  that  require  the  greatest  amounts  of  personal  infor- 
mation in  order  to  be  effective  (medical  treatments  are  a 
prime  example,  but  there  are  many  others). 

• We  believe  that  government  has  a very  important  role  to  play 
with  respect  to  the  use  of  PII  for  business  and  other  purposes, 
and  that  this  role  begins  with  leading  by  example,  getting  its 
own  PII  practices  in  order  and  making  sure  people’s  names, 
addresses,  auto  license  plate  numbers,  and  government 
dossiers  that  were  collected  for  a specific  citizen-to-govern- 
ment  purpose  don’t  end  up  online  or  resold. 

• We  believe,  further,  that  government  should  concentrate  on 
enforcing  existing  laws  well,  and  tackling  very  specific  and 
obvious  problems,  before  rushing  to  pass  generic,  vague,  or 
unenforceable  privacy  regulations. 

• We  value  and  protect  our  own  personal  privacy  as  best  we 
can,  often  to  the  extent  of  heading  into  the  backwoods  of 
Alaska  or  Oregon,  respectively,  without  so  much  as  a beeper. 
We  believe  that  preserving  fully  private  experiences  is  a vital 
part  of  retaining  our  cultural  and  environmental  heritage. 

We  should  also  disclose  now,  lest  there  be  any  confusion,  that 
this  book  is  not  intended  to  be  a sober  treatise  on  privacy  and  pub- 
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Appendix  A 

W^h-1^  ^ 0n  t*le 

Web.  Consumer  Dos 
and  Don’ts 


Good  company-to-customer  relationships  are  built  on  trust.  More  and 
m0re  compan.es  are  address.ng  users’  concern  about  privacy  b fe 
„p,„g  dear  mternal  pnvacy  policies  and  by  post.ng  pr.vacysta  erne  ,'s 
about  these  polices  on  then  websites.  The  better  companies  also  get 
your  consent  before  collecting  or  sharing  personal  information  In  the 
end,  however,  you  are  the  single  most  powerful  protector  of  your  privacv 
online.  It’s  your  voice  and  your  choice  that  will  make  the  difference. 

There  are  plenty  of  commonsense  rules  and  take-charge  tips  for  safe- 
guarding your  privacy  online;  TRUSTe  has  compiled  some  of  the  most  ba- 
sic ones  (grouped  by  subject)  to  help  you  along.  These  guidelines  are 
presented  below,  and  together  constitute  a good  summary  of  solid  privacy 
protection  practices  for  the  average  Internet  user. 


Privacy  Statements  and  Seal  Programs 

^ead  the  posted  privacy  statements  of  individual  websites  to  find  out  what 
Per$onal  information  they  gather,  how  it  is  collected,  and  with  whom  it 
wi”  be  shared. 
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Look  for  third-party  seals,  such  as  the  TRUS'Ie  ■ -« 

seals  indicate  that  the  website  has  agreed  to  submit  l 
sight  and  compliance  review.  In  other  words,  an  outsid 
make  sure  that  the  website  actually  adheres  to  its 
These  seals  usually  link  to  the  privacy  statement  anu  ro  the 
agency’s  website. 
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If  you  can’t  find  a website’s  privacy  policies,  contact  the  si 
rectly  and  ask  for  a copy  of  its  privacy  collection  and  dissemin 
practices. 


le  site  di- 
vination 


Bulletin  Boards/Chat  Rooms 


Be  aware  that  when  you  provide  your  name  and/or  messages  to  others  on- 
line through  a bulletin  board  or  chat  group,  they’ll  probably  be  able  to 

find  out  how  to  communicate  with  you— whether  you  want  them  to  or 
not. 

Ward  off  e-mail  messages  from  strangers  by  not  participating  in  online 
chats  and  bulletin  boards.  Or  consider  using  a screen  name  that  doesn’t 
directly  identify  you. 


Children 


Establish  a clear  set  of  online  rules  for  your  children.  You  can  always  mod- 
ify or  add  to  the  rules  as  you  and  your  children  become  more  comfortable 
on  the  Internet. 

Teach  your  children  not  to  give  out  their  names  or  other  personal  in- 
formation online  without  your  permission  — just  as  they  should  not  talk 
to  strangers!  Tell  your  children  to  get  your  permission  before  responding 
to  online  surveys  or  to  games,  clubs,  or  prizes  that  require  personal  infor- 
mation for  eligibility. 

As  an  added  measure  of  protection,  look  into  purchasing  parental 
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the  Web 
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' There  are  software  tools  that  block  children  fro,„ 
sona|  information  online,  give  them  Internet  access  to  only  ^ 

determined  by  you  or  only  at  certain  times  of  the  day  and  'T'**' 
tt.ith  a report  of  the  places  your  children  visit  online.  ' ’ Pr°V'de  y°U 
Parental  control  software  is  inexpensive  and  easy  to  install  on  your 

computer- 

Find  out  whether  your  Internet  service  provider  has  the  technology  to 
restrict  children  s access  to  specified  sites  and  prevent  online  data  transac- 
tions. A number  of  commercial  online  providers  have  this  technology,  and 
all  you  need  to  do  is  request  that  it  be  activated. 

Cookies 

Check  to  see  whether  cookie  files  have  been  deposited  on  your  computer. 
If  you  have  a PC,  look  for  a file  on  your  hard  drive  labeled  "cookies. W"  for 
Netscape  browsers  and  the  directory  \windows\cookies  for  IE  browsers; 
look  for  a file  called  “magic  cookies”  if  you  use  a Macintos  . 
move  these  files  from  your  hard  drive.  may  be  able  t0 

If  you  have  a new  version  o ro  . fi,  tbatyouwishtobeno- 

specify  that  you  don’t  want  to  receive  coo  ie  ^ Qnto  your  hard  drive, 
tified  when  a website  is  about  to  deposi  our  software  package 

Look  under  the  headings  Preferences  or  Options 

for  such  choices,  if  available. 


Credit  Reporting  Agenc,es 

Credit  a y comp®* 

f your  credit  report- 5hEqllifex  at  1-800- 

:ally  request  a copy  0 . about  y011, 

ve  asked  for  credit  information 
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